General
Target: AWB-9899691012.cab
Size: 456KB
Sample: 210401-s7k3al1mb2
MD5: 6bab3cd877188d3730b838e75e82b9c0
SHA1: e056d3faea77552bf712fda0daaec65726142aa8
SHA256: ee812fa860c2283da910b616bdf55a14d88520af3e727cbe875f37ac962e8fd3
SHA512: 04775b724f1c52600b74b184c0e2a64381b0c7523991a372dbe1a58fbd43870568a27ebaa008687758da542bcecd0987516a84c96dd9630d2f8a9fa8d8a9b746

Static task
static1

Behavioral task
behavioral1
Sample: AWB-9899691012.exe
Resource: win7v20201028

Behavioral task
behavioral2
Sample: AWB-9899691012.exe
Resource: win10v20201028

Malware Config
Extracted
Family: oski
C2: http://45.85.90.220

Targets
Target: AWB-9899691012.exe
Size: 708KB
MD5: ec57669d9ea9b2ce78acd0962dd37761
SHA1: 175f43377e8df78601a8c93a6885025647b95e56
SHA256: 9dbdfcb4749e6e441ca65cf71d75944cf90111832d10b8048b70cfe084b6e675
SHA512: 20a34130753d3bf5249727f80cf2d6f34cc771837b89796fed700e04b76928a98bf81a5433696d6b4e4c29dea9848586fab1b9de7b5eaed214ef67d06ea42d38
Score: 10/10

Signatures
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext